<?php
$HOST_NAME = 'localhost';
$USERNAME = 'mrc02_login';
$PASSWORD = 'loginDB';
$DB = 'mrc0260_sportinggoodscompany';
$TABLE = 'sgc_users';

	
$CON = mysqli_connect($HOST_NAME,$USERNAME,$PASSWORD,$DB) or die(mysql_error());
$username = mysqli_real_escape_string($CON,$_POST['username']);
$password = md5(mysqli_real_escape_string($CON,$_POST['password']));
$sql = "SELECT * FROM $TABLE WHERE use_username='$username' and use_password='$password'";
$result = mysqli_query($CON, $sql);
$count = mysqli_num_rows($result);
if($count == 1)
{
	session_start();
	$query = "SELECT * FROM $TABLE WHERE use_username='$username' LIMIT 1";
	$result = mysqli_query($CON, $query);
	$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
	if($row['use_active']){
		$_SESSION['username'] = $username;
		$_SESSION['password'] = $password;
		$_SESSION['firstname'] = $row['use_first_name'];
                $_SESSION['level'] = $row['use_level'];
		header("Location: index.php");
	}
	else{
		header("Location: nonactive.php");
	}

}
else
{
	echo "Incorrect username or password";
}

?>


